TalinoHRTalinoHR

Employee Self-Service (ESS) Portal

7 min read

The ESS portal allows employees to access their own HR information, file requests, and view payroll data without needing to contact HR directly. All ESS pages are accessible under the /ess/ route prefix.

Accessing the ESS Portal

Users whose only role is EMPLOYEE are automatically directed to the ESS portal upon login. Users with additional roles (e.g., HR_ADMIN + EMPLOYEE, MANAGER + EMPLOYEE) are directed to the admin dashboard but can switch to ESS via the "My ESS Portal" link in the admin sidebar. The ESS portal is separate from the admin interface and only shows information relevant to the logged-in employee.

Admin Users Accessing ESS

Admin users who also have the EMPLOYEE role can access their own ESS portal to view payslips, file leaves, check attendance, etc. To enable this:

  1. The user must have EMPLOYEE included in their roles array (via Settings → Users → Edit Roles)
  2. The user must be linked to an Employee record (SystemUser.employeeId must be set)

Once configured, the "My ESS Portal" link appears in the admin sidebar. When viewing ESS, an "Admin Panel" back-link appears in the ESS header and sidebar, making it easy to switch back to the admin interface.

ESS Pages

Dashboard (/ess/dashboard)

The ESS landing page provides a summary overview including:

  • Quick-access cards for common actions (file leave, view payslip, check attendance)
  • Upcoming events or pending items
  • Recent activity summary

Profile (/ess/profile)

Employees can view their personal and employment information:

  • Personal details (name, contact info, address)
  • Login / Work Email (synced from system user account — this is the email used for login and notifications)
  • Personal Email (shown separately if available)
  • Employment details (position, department, hire date, employment status)
  • Government ID numbers (SSS, PhilHealth, Pag-IBIG, TIN)
  • Emergency contacts
  • Bank account details

Note: Employees can update their phone number, address, and emergency contact details. Other fields including email addresses are managed by HR.

Payslips (/ess/payslips)

Employees can view and download their payslips for all processed payroll runs.

PIN Gate: Payslips are protected by a mandatory PIN for security. Employees must set a payslip PIN before they can view payslips. Once set, the PIN must be verified each session (valid for 30 minutes). The PIN is also used as the password for emailed PDF payslips. Employees who haven't set a PIN will see a setup prompt when visiting the payslips page.

Payslip contents include:

  • Earnings breakdown (basic pay, overtime, holiday pay, NSD, individually itemized allowances such as "Rice Subsidy", "Meal Allowance", etc.)
  • Deductions breakdown (SSS, PhilHealth, Pag-IBIG, tax, loans, individually itemized deductions such as "Union Dues", etc.)
  • Net pay
  • Year-to-date (YTD) totals

Allowances and deductions are shown as individual line items when available (e.g., "Rice Subsidy P2,000" instead of a single "Allowances P5,000"), giving employees full visibility into their compensation components.

  • Company and employee details
  • Bank information

Leaves (/ess/leaves)

Employees can manage their leave requests:

  • View leave balances: See remaining credits for each leave type.
  • File a leave request: Select leave type, date range, and reason. The system validates against available balance.
  • Cancel a leave: Cancel a pending or approved leave request. Cancellation restores the leave balance and removes associated attendance records.
  • Delete a leave: Delete own PENDING leave requests permanently. This removes the record from the system and restores the reserved balance.
  • Track leave status: View all leave applications with their current status (PENDING, APPROVED, REJECTED, CANCELLED).

Leave requests go through the approval workflow — typically approved by the employee's manager or HR.

Attendance (/ess/attendance)

Employees can view their attendance records:

  • Daily attendance log (time in, time out, hours worked)
  • Late minutes, undertime, and absent days
  • Rest day and holiday indicators
  • Leave day markers

Overtime (/ess/overtime)

Employees can file and track overtime requests:

  • File overtime request: Specify the date, number of hours, and reason for overtime.
  • View overtime summary: Cards showing total approved, pending, and rejected OT hours.
  • Track request status: See all OT requests with their status (PENDING, APPROVED, REJECTED).
  • Duplicate detection: The system prevents filing duplicate OT requests for the same date.

Filed overtime requests require manager or HR approval. Only APPROVED overtime is included in payroll computation.

Loans (/ess/loans)

Employees can view their loan records:

  • Active and completed loans (SSS, Pag-IBIG, Company)
  • Loan details: principal, monthly amortization, total paid, remaining balance
  • Payment history per loan
  • Loan status (ACTIVE, PAID, CANCELLED)

Employees can view but not create or modify loan records through ESS.

Performance (/ess/performance)

Employees can participate in the performance review process:

  • Self-assessment: Complete self-assessment forms during the SELF_ASSESSMENT phase of a review cycle.
  • View reviews: See completed performance reviews and ratings.
  • Goals: View assigned goals and track progress.
  • 360 Feedback: Provide peer feedback when requested.

Documents (/ess/documents)

Employees can request and access employment documents:

  • Request COE: Click "Request COE" to generate a Certificate of Employment. The COE is generated as a printable HTML document with company letterhead.
  • View documents: Access previously generated documents.

COE API endpoints:

  • Admin: GET /api/employees/[id]/coe
  • ESS: GET /api/ess/coe

Support (/ess/support)

Employees can submit support requests and communicate with HR:

  • Submit a ticket: Click "New Request" to open a form with subject, category, and details fields. Tickets are assigned a tracking number (TKT-YYYYMM-NNNN).
  • View tickets: See all submitted tickets with their current status (Open, In Progress, Resolved, Closed).
  • Reply to tickets: Click a ticket to view the conversation thread and post replies.
  • Categories: Payroll, Leave, Benefits, Attendance, Performance, IT Support, Policy, Suggestion, Other.

HR admins receive email notifications when tickets are submitted, and employees receive email notifications when HR replies.

ESS Security

  • All ESS API routes are guarded to ensure employees can only access their own data.
  • ESS API routes require both x-employee-id in request headers AND the EMPLOYEE role in the user's roles array. This means admin users must have EMPLOYEE in their roles to access ESS endpoints.
  • Payslip data requires PIN verification before display. The payslips API enforces this server-side via an HMAC-signed cookie (payslip-access, 30-minute TTL) set by POST /api/ess/verify-pin — the UI alone cannot bypass it.
  • All ESS routes are protected by authentication (login required).

ESS Navigation

The ESS sidebar includes navigation items for all 10 pages:

  • Dashboard (Home icon)
  • Profile (User icon)
  • Payslips (Receipt icon)
  • Leaves (Calendar icon)
  • Attendance (Clock icon)
  • Overtime (Timer icon)
  • Loans (Wallet icon)
  • Performance (Target icon)
  • Documents (FileText icon)
  • Support (HelpCircle icon)

Tips for HR Admins

  • Employees are required to set a payslip PIN before viewing payslips. The ESS payslips page will prompt them to create one on first visit.
  • The employee's PIN is used as the PDF password for emailed payslips. If no PIN is set (or the encryption key is not configured), the system falls back to LASTNAME_BIRTHDATE.
  • Employees filing leave requests need sufficient leave balance credits. Verify leave balances are correctly initialized for new employees.
  • Overtime requests filed through ESS must be approved before they affect payroll. The payroll engine reads OvertimeApplication records directly.